Communications Security Establishment

• Potential adversaries are leveraging and developing cyber capabilities in effort to exploit vulnerabilities in our cyber systems.
• The CSE Act allows the Communications Security Establishment (CSE) to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
• CSE employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada’s information systems, networks, businesses, and institutions.
• CSE’s Canadian Centre for Cyber Security (the Cyber Centre) is Canada’s authority on cyber security. As a unified source of expert advice and guidance, CSE’s Cyber Centre leads the Government’s operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
• Cyber operations capabilities are also a key element of military and state power, needed to deter and defeat external threats to Canada in times of peace and conflict.
• CSE and the Canadian Armed Forces (CAF) continue to work with domestic and international partners to support and build a stable cyberspace built on the respect for international law and the norms of responsible state behaviour in cyberspace.
• The CAF contributes to international peace and security through cyber threat intelligence sharing with Allies and partners, and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.
• For example, the CAF currently provides cyber defence assistance to Latvia and Ukraine to bolster the ability of both nations to defend against malicious cyber activities.

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s Cyber Centre also worked with Elections Canada to help secure election systems and infrastructure.
• Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
• CSE’s 2023-24 National Cyber Threat Assessment (NCTA) highlights how online foreign influence activities have become a new normal with adversaries seeking to influence elections and impact international discourse related to current events.
• SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
• While Canada’s democratic institutions and processes are strong and resilient, CSE continues to actively work to ensure their continued protection.

• Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
• CSE’s Canadian Centre for Cyber Security (Cyber Centre) uses sensors to detect malicious cyber activity on government networks, systems and cloud infrastructure; and networks, systems and electronic infrastructures of importance to the Government of Canada.
• This year, CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
• It is critical that Canada has strong cyber defence capabilities as recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, this was outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Cyber security matters to all of us, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
• If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email contact@cyber.gc.ca or visit Report a cyber incident.

• The Communications Security Establishment (CSE) operates within strict internal and external mechanisms to ensure its activities comply with the law and protect the privacy of Canadians and people in Canada.
• CSE is committed to being as open and transparent as possible, while still protecting classified matters of national security.
• CSE and its Canadian Centre for Cyber Security (Cyber Centre) publish numerous publications on their websites to enhance transparency and share information with Canadians.
• Some of those key publications include CSE's Annual Report, the National Cyber Threat Assessment (NCTA), Threats to Democratic Institutions Report (TDP), as well as various cyber threat alerts.
• In addition, in 2019, the government enhanced the review and oversight of CSE, as well as the broader security and intelligence community, following the Royal Assent of Bill C-59, The National Security Act.
• CSE is subject to ongoing review by two independent external review bodies:
  • the National Security and Intelligence Review Agency (NSIRA); and
  • the National Security and Intelligence Committee of Parliamentarians (NSICOP).
• Based on their distinct mandates, both NSIRA and NSICOP are responsible for reviewing Government of Canada national security and intelligence activities. Whereas NSIRA consists of Governor-in-Council appointees, NSICOP consists of members of Parliament and Senate.
• Together the two organizations help ensure CSE and other members of the security and intelligence community are held accountable for their national security and intelligence activities.
• Through the publication of reports, NSIRA and NSICOP also increase transparency for Canadians on the activities of the security and intelligence community.
• To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
• In addition to NSIRA and NSICOP, the Intelligence Commissioner (IC) provides oversight by approving authorizations for certain CSE and CSIS activities prior to their execution.
• Similar to review bodies, the Intelligence Commissioner prepares annual public reports that allows Canadians to have a better understanding of the activities CSE and CSIS undertake.
• CSE values independent, external review and oversight of their activities, and remains committed to a positive and ongoing dialogue with these important institutions.

• Ransomware poses a threat to Canada’s national security and economic prosperity.
• Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
• Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• Ransomware can incur significant costs, disrupt the operation of important systems, damage or destroy an organization’s data, and reveal sensitive information.
• A ransomware attack can prevent access to essential services and in some cases, threaten Canadians’ physical safety and wellbeing.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• In 2021, CSE shared a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin. CSE also published, the 2023-2024 National Cyber Threat Assessment (NCTA) which highlights the cyber threats faced by individuals and organizations in Canada, including ransomware. 
• Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprises. It also enables further malicious cyber activity and ultimately there is no guarantee that cybercriminals will return stolen information.

If pressed on any specific ransomware group and/or activities:

• CSE does not comment on specific cyber security incidents; however, they continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
• CSE’s Canadian Centre for Cyber Security continues to monitor new forms of ransomware and vulnerabilities, and shares tips and threat information with partners across Canada to help mitigate risks.
• I encourage all victims to report cybercrime activities to local law enforcement and the RCMP. I would also encourage victims to report a cyber incident to CSE’s Canadian Centre for Cyber Security (Cyber Centre) so that they can help share threat-related information with partners to help keep Canada and Canadians safe online.

• The Government of Canada conducted an extensive examination of 5G wireless technology and the various technical, economic, and national security aspects of 5G implementation.
• As a result of this examination, Bill C-26, An Act Respecting Cyber Security (ARCS) was introduced in June 2022 to further strengthen our telecommunications system and protect our national security.
• This legislation will amend the Telecommunications Act to allow the Government to take action to prohibit the use of equipment or services from low confidence suppliers.
• In addition, the Communications Security Establishment’s (CSE) Security Review Program (SRP), which has a proven track-record of protecting Canada’s 3G/4G/LTE networks, will evolve to consider the security of Canada’s telecommunications system more broadly.
• Under the new Telecoms Cyber Resilience Program, CSE continues to work with Canadian telecommunications service providers (TSPs) to help them mitigate cyber security and supply chain risks.
• Together, these efforts are part of a robust strategy to defend the critical digital infrastructure upon which Canadians rely.

• Over the years, CSE has experienced continued and sustained growth that has enabled the agency to adapt and address the growing cybersecurity landscape.
• No other governmental agency within Canada is undertaking the crucial cyber security work done at CSE. In fact, only a few other jurisdictions around the world have similar operations thereby positioning Canada’s cryptological agency at the forefront of cyber operations and defence.
• Recruiting skilled employees in the high-tech field remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within the organization.
• Despite the highly competitive nature of recruitment, CSE has been recognized as a Top Employer in 2020, 2021, and 2022, as well as one of Canada’s Top Employers for Youth for the past six years in a row.
• CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
• CSE also received significant recognition through Budget 2022 in which proposed $875.2 million over five years for CSE, beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.